marko ristic - capital professional fulfillment, prestigious and well-paid job, immersion in the...
Post on 10-Jul-2020
0 Views
Preview:
TRANSCRIPT
Security in age of Digital
TransformationMarko Ristic
marko.ristic@softline.com
+381653306626
We convert digital
technologies into
profit of our
customers and well-
being of the citizens
BusinessWe help developing and
implementing Digital
Transformation scenarios
that increase profits and
bring new income
generating models
GovernmentIn every country we operate,
we seek to contribute in
building e-government, a
vital competitive edge in the
world scene for any nation
SocietyWe make Digital
Technologies widely
available, this facilitates
sustainable development of
the society and improves
accessibility of education,
healthcare and public
services
EmployeesTo every employee we offer
professional fulfillment,
prestigious and well-paid
job, immersion in the latest
digital technologies
We are a global IT
services provider that
helps businesses and
governments to carry
out digital
transformation
Softline Mission: We Help Businesses and Public Sector
Operate Efficiently in Digital Economy
Softline Facts and Figures
25 years
in the IT market
3000+ completed projects
Local offices in
50+countries
95+cities
+30%growth in FY2017in the group of companies
1.19 Billion $FY2017 Sales Volume
4800+team members
1000+engineers and developers
1500+account managers
Softline is a leading global Information Technology solutions and services provider focused on emerging
markets including Eastern Europe, Central Asia, Americas, South-East Asia, India
1000+sales and technical presale
professionals
Global Presence as the Strategy Component
2018FY:
operations in
50+ countries,
95+ cities
Coming Soon:Africa
Middle East
Indonesia
South Korea
Russia
Central Asia
Azerbaijan
Armenia
Belarus
Georgia
Kazakhstan
Kyrgyzstan
Moldova
Tajikistan
Turkmenistan
Turkey
Uzbekistan
Asia
Bangladesh
Cambodia
Laos
Malaysia
Mongolia
Myanmar
Philippines
Thailand
Vietnam
India
Latin America
Argentina
Bolivia
Brazil
Chile
Colombia
Costa Rica
Dominican Republic
Guatemala
Equador
Honduras
Mexico
Nicaragua
Panama
Paraguay
Peru
Salvador
Uruguay
Venezuela
USA
Eastern Europe
Bulgaria
Croatia
Hungary
Romania
Serbia
Slovenia
Top Positions in Rankings
#1 Top 3 Top 5 Listed in
Largest Russian IT
Companies in
Cybersecurity,
2017
Largest Russian
SaaS Providers
2017
Largest IT
Providers for
Retail, 2017
• Largest Russian IaaS
Providers 2017
• Largest IT Providers
for Governmental
Cutomers, 2017
• Largest IT Providers
for Banking, 2017
• Russian Largest
SaaS Providers,
2016
Largest IT Providers
for Telecom
Operators, 2017
RAEX 600 Largest
Russian Companies
2017
200 Russian Largest
Companies, 2017
Best Datacenter in CIS
countries in 2016
Softline has been awarded for
building Republican Datacenter
in Minsk, Belarus
• Largest IT
Providers for
Manufacturing,
2017
• Largest BI
solution
providers, 2017
Commnews SaaS
Services Ranking
2017
Top 10
RAEX 600
mayores
empresas rusas
de TIC 2017Russia’s Largest IT
Companies 2017
Challenges with the complex environment
Employees
Business partners
Customers
Apps
Devices
Data
Users
Data leaks
Lost device
Compromised identity
Stolen credentials
The problem is ubiquitous
Intellectual Property theft has
increased
56% rise data theft
Accidental or malicious breaches due to lack of internal controls
88% of organizations are Losing control of data
80% of employees admit to use non-approved SaaS app 91% of breaches could have been
avoided
Organizations no longer confident in their ability to detect and prevent threats
Saving files to non-approved cloud storage apps is common
IntelligentInnovativeHolistic Identity-driven
Addresses security challenges across users (identities),
devices, data, apps, and platforms―on-premises and in the
cloud
Offers one protected common identity for secure access to all
corporate resources, on-premises and in the cloud, with risk-based conditional
access
Protects your data from new and
changing cybersecurity attacks
Enhances threat and anomaly detection with the Microsoft Intelligent Security Graph driven by a
vast amount of datasets and machine learning in the cloud.
Identity anchors our approach to security
IDENTITY – DRIVEN SECURITY
Three steps to identity-driven security
IDENTITY – DRIVEN SECURITY
1. Protect at the front doorSafeguard your resources at the front door with innovative and advanced risk-based conditional accesses
2. Protect your data against user mistakesGain deep visibility into user, device, and data activity on-premises and in the cloud.
3. Detect attacks before they cause
damageUncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.
Protect at the front door
Conditions
Allow access
Or
Block access
Actions
Enforce MFA
per user/per
app
Location
Device state
User/Application
MFA
Risk
User
IDENTITY – DRIVEN SECURITY
Protect your data against user mistakes
IDENTITY – DRIVEN SECURITY
Azure Information Protection
Classify & Label
Protect
How do I control data on-premises and in the cloud
Monitor and Respond
Microsoft Intune
How do I prevent data leakage from my mobile apps?
LOB app protection
DLP for O365 mobile apps
Optional device management
Cloud App Security
Risk scoring
Shadow IT Discovery
Policies for data control
How do I gain visibility and control of my cloud apps?
Detect attacks before they cause damage
IDENTITY – DRIVEN SECURITY
Microsoft Advanced Threat Analytics (ATA)
Behavioral Analytics
Detection of known malicious attacks
Detection of known security issues
On-premises detection
Cloud App Security
Behavioral analytics
Detection in the cloud
Anomaly detection
Azure Active Directory Premium
Security reporting and monitoring (access & usage)
WHY AZURE INFORMATION PROTECTION?
Persistent protection
Safe sharing
Intuitive experience
Greater
control
Classify Data – Begin the Journey
SECRET
CONFIDENTIAL
INTERNAL
NOT RESTRICTED
IT admin sets policies, templates, and rules
PERSONAL
Classify data based on sensitivity
Start with the data that is most sensitive
IT can set automatic rules; users can complement it
Associate actions such as visual markings and protection
Scoped Policies
Policies for specific
groups/departments
Can be viewed and applied only by
the members of that group
Customization options for labels,
sub-labels, and settings like
mandatory labeling, default label,
and justifications
Automatic classification - example
Constoso Page|1 CONFIDENTIAL
DueDiligenceDocumentationDueDiligenceCategory DocumentationTask Owner Status
BusinessPlan,CorporateStructure,Financing
Businessplan Currentfive-yearbusinessplan
Priorbusinessplan
Corporateorganization
Articlesofincorporation
Bylaws
Recentchangesincorporatestructure
Parent,subsidiaries,andaffiliates
Shareholders’agreements
Minutesfromboardmeetings
Shareholders Numberofoutstandingshares
Stockoptionplan
Samplesofcommonandpreferredstockcertificates,debentures,andotheroutstandingsecurities
Warrants,options,andotherrightstoacquireequitysecurities
Currentshareholders,includingnumberofsharesowned,datesthatshareswereacquired,considerationsreceived,andcontact
information
Relevantprivateplacementmemorandaandotherofferingcirculars
Lenders Convertible,senior,orotherdebtfinancing
Banklinesofcredit,loanagreements,orguarantees
Loandefaultsorexpecteddefaults
Recentcorporatetransactions
Descriptionandrationaleforeachtransaction
Purchaseandsaleagreements
Regulations Businesslicenses
Environmentalpermits
Workers’healthandsafetypermits
Marketing,Products,Sales,Service
Marketanalysis Competitionbyproductline(includecontactdetails,marketsize,marketshare,andcompetitiveadvantagesanddisadvantages)
Industryandmarketresearch
Tradepublicationsandcontactinformation
Recommended classification - example
Reclassification and justification - example
User-driven classification - example
How Classification Works
Reclassification
You can override a classification and optionally be required to provide a justification
Automatic
Policies can be set by IT Admins for automatically applying classification and protection to data
Recommended
Based on the content you’re working on, you can be prompted with suggested classification
User set
Users can choose to apply a sensitivity label to the email or file they are working on with a single click
Manual (right-click) labeling and protection for non-Office files
Label and protect any file through the
windows shell-explorer
Select either one file, multiple files or a
folder and apply a label
Bulk classification for data at rest using PowerShell
Query for file labels and protection
attributes
Set a label and/or protection for
documents stored locally or on file
shares
Automatically discover, classify, label & protect on premises data
Azure Information Protection scanner
Configure policies to discover, classify,
label and protect on premises data
Periodically scan on premises repositories
to label and protect data
Run in discovery or enforce modes
Critical for migration scenarios and
compliance with regulations such as GDPR
Protect sensitive data in cloud apps with AIP and CAS
Role: Finance
Group: Finance
Office: London, UK
INTERNAL
Azure information
protection
Identifies document tagged
INTERNAL being shared publicly
Move to
quarantine
Restricted
to owner
USER
Uploaded to
public share
Admin notified
about problem.
CLOUD APP
SECURITY PORTAL
Apply labels based on classification
FINANCE
CONFIDENTIAL
Persistent labels that travel with the document
Labels are metadata written to documents
Labels are in clear text so that other
systems such as a DLP engine can read it
VIEW EDIT COPY PASTE
Email attachment
FILE
Protect data needing protection by:
Encrypting data
Including authentication requirement and a
definition of use rights (permissions) to the data
Providing protection that is persistent and travels
with the data
Protect data against unauthorized use
Personal apps
Corporate apps
aEZQAR]ibr{qU@M]BXNoHp9nMDAtnBfrfC;jx+Tg@XL2,Jzu()&(*7812(*:
Use rights +
Secret cola formula
WaterSugar
Brown #16
PROTECT
Usage rights and symmetric key stored in file as “license”
Each file is protected by a unique AES symmetric
License protected by customer-owned RSA
key
WaterSugar
Brown #16
UNPROTECT
How Protection Works
Use rights+
Azure RMS never sees the file content, only the license
How Protection Works
Apps protected with RMS enforce
rights
SDK
Apps use the SDKto communicate
with the RMS service/servers
File content is neversent to the RMS server/service
aEZQAR]ibr{qU@M]BXNoHp9nMDAtnBfrfC;jx+Tg@XL2,Jzu()&(*7812(*:
Use rights+
LOCAL PROCESSING ON PCS/DEVICES
Authentication & collaboration BYO Key
RMS connector
Authorization requests go to a federation service
Topology
Data protection for
organizations at different stages
of cloud adoption
Ensures security because
sensitive data is never
sent to the RMS server
Integration with on-premises
assets with minimal effort
AAD Connect
ADFS
Authentication & collaboration BYO Key
RMS connector
Authorization requests go to a federation service
Regulated EnvironmentsTopology
Data protection for
organizations at different stages
of cloud adoption
Ensures security because
sensitive data is never
sent to the RMS server
Integration with on-premises
assets with minimal effort
Hold your key on premises
(roadmap)
AAD Connect
ADFS
HYO Key
Sharing data safely with anyone
Share internally, with business partners, and customers
Bob
Jane
Internal user
*******
External user
*******
Any device/ any platform
Sue
File share
SharePoint
LoB
Monitor and Respond
Monitor use, control and block abuse
Sue
Joe blocked in North America
Jane accessed from India
Bob accessed from S. America
MAP VIEW
Jane blocked in Africa
Jane Competitors
Jane access is revoked
Sue
Bob
Jane
Visibility and control in cloud environments with CAS
Cloud App Security can read labels set
by AIP giving admins visibility into
sharing of sensitive files
Cloud App Security admins can set
policies for controlling sharing of
sensitive files and also get alerted if the
policies are violated
USER
POLICIES
Status
Viewed
Viewed
Viewed
Viewed
Viewed
United States
Name
Mark Adams
Klass Pluck
Katrina Redding
David James
Nandita Sampath
Summary List Timeline Map Settings
Personal
Public
Internal
Confidential
Highly Confidential
LABEL
Monitor, analyze and assess compliancethrough rich logs and reporting
Admins create policies
for data classification,
labeling, and protecting
Based on sensitivity of data, labels
are applied by users or automatically
Control sharing outside
your organization
Gain visibility and
control over sensitive
data even as it moves
to cloud
Protect sensitive data with
encryption or visual markings
Enterprise Mobility +Security
MicrosoftIntune
Azure Information Protection
Protect your users, devices, and apps
Detect threats early with
visibility and threat analytics
Protect your data, everywhere
Extend enterprise-grade security to your cloud and SaaS apps
Manage identity with hybrid integration to protect
application access from identity attacks
MicrosoftAdvanced Threat Analytics
Microsoft Cloud App Security
Azure Active Directory Premium
A HOLISTIC SOLUTION
GO GLOBAL GO CLOUD GO INNOVATIVE
top related